Guest Column | May 16, 2018

MHRA Ramps Up Data Integrity, Global Supply Chain Security Efforts

By Jerry Chapman

London UK Big Ben

Major efforts are underway by health regulatory authorities around the globe to secure drug and device supply chains and address the quality of data in approval applications and manufacturing operations.

At the FDA/PharmaLink Conference at Xavier University in March, U.K. Medicines and Healthcare products Regulatory Agency (MHRA) Senior GMDP (good manufacturing and distribution practices) Inspector Tracy Moore discussed MHRA’s efforts regarding supply chain security and international efforts on harmonization of data integrity guidance.

Supply Chain An MHRA Strategic Priority

One of MHRA’s “strategic priorities” is to secure global supply chains, Moore said. This includes identifying producers of counterfeit and illicit medicines. Illicit drugs include those diverted from legitimate supply chains.

As part of that effort, MHRA was one of 197 police, customs, and health regulatory authorities from 123 countries that participated in the 10th annual Operation Pangea conducted in September 2017 and coordinated by INTERPOL.

Moore said Pangea X targeted Internet service providers (ISPs), electronic payment systems, and mail delivery services related to the most problematic illicit Internet pharmacies known at the time. It also included a focus on medical devices for the first time.

“On one of the raids,” Moore recounted, “they actually found a load of pharmaceutical products. We are talking pallets and pallets. Actually this was in a bonded store. We were not expecting to find this amount. We were looking for packages, because we were told mail order stuff was coming in here. But out in the back, there was a large number of pallets.”

The pallets turned out to be a shipment that had come into the U.K. from a third country (i.e., not a member of the EU). “It had been rejected at the U.K. importers because the wooden pallets had been moldy and had contaminated the whole shipment.”

Moore explained that the importer was suspected of attempting to return the shipment. “We do not know the full story. We seized and destroyed it because we were not sure whether they were going to try to send it back to repackage it and send it back in. So we intervened at that level. And then I rounded up a group and targeted every other importer from the facility that shipment came from and did an operation from that perspective.”

Focus On Illicit Websites

While different countries and agencies focused on different aspects of Pangea, MHRA’s primary task involved evaluating Internet sites selling drugs and devices suspected of being illicit.

MHRA monitored 3,413 websites, and “we took them all down,” Moore said. The overall Pangea operation resulted in 400 arrests worldwide, 76 of which were connected to eight organized crime groups. “These are serious crime rings that we managed to disrupt.”

She reported that nearly 800,000 packages were inspected per intelligence that they might contain counterfeit or illicit products. Over 400,000 of the packages were found to contain illicit medicines and medical devices. INTERPOL estimated the value of products seized and destroyed at $60 million.

In addition, Moore said, the operation seized heroin, cocaine, ecstasy, and lethal weapons. “One of the main outcomes is the perpetrators are now using the dark net for advertising and selling the medicines. So they are enhancing the measures to hide their activity. We as regulators need to be cleverer.”

MHRA GxP Data Integrity Guide Draft Draws Significant Number Of Comments

Moore provided insight into MHRA’s recently released GxP Data Integrity Guide and the hurdles that needed to be jumped to finalize the draft, including British government communication guidelines that dictate the level at which guidance documents need to be written.

In the guide, “GxP” refers to the various good practices regulated by the MHRA, including the good laboratory practice monitoring authority (GLPMA). These are good clinical practice (GCP), good distribution practice (GDP), good laboratory practice (GLP), good manufacturing practice (GMP), and good pharmacovigilance practice (GPvP).

In the background section of the guide, the agency notes systems to support pharma operations “can range from manual processes with paper records to the use of fully computerized systems. The main purpose of the regulatory requirements remains the same, i.e., having confidence in the quality and the integrity of the data generated to ensure patient safety and quality of products and being able to reconstruct activities.”

The 21-page guide includes sections on:

• the principles of data integrity

• establishing data criticality and inherent integrity risk

• designing systems and processes to assure data integrity, creating the “right environment”

•definitions of terms and interpretations of requirements.

The definitions and interpretations section comprises the bulk of the guide and takes a deep dive into terminology, expectations, and requirements. It addresses topics such as raw data, metadata, data governance and life cycle, and audit trails.

The guide, which was released on March 9, was issued as a draft in July 2016. “The reason it took so long [to issue the final guide] is because when it went out for consultation we received about 1,600 lines of comments,” Moore explained. “By the time we removed duplicates, it ended up to be about 1,300 comments. It was across sectors, because it is GxP, not just GMP.”

The volume of comments from industry and trade and professional groups required an extended period of review by MHRA’s GxP data integrity team formed from its GCP, GDP, GLP, GMP, and GPvP inspection groups.

“The team has done a great job carefully considering the important stakeholder feedback while balancing our other inspectorate commitments,” Moore commented. “I am confident the resulting document reflects the high degree of engagement between MHRA and the industry we regulate.” It will replace the GMP Data Integrity Guide, and the draft consultation paper will be removed.

Data Integrity For 7-Year-Olds

“It has some new sections,” Moore pointed out. “It had some sections removed from it because some of it just did not make sense. The other complication we have is being a government body. When this went through the comment process, I got an email from the head of government communications asking if we could talk about it.”

“They said, ‘a 7-year-old cannot understand this.’ I asked why a 7-year-old would need to understand it. ‘Because it does not meet the government requirements. The requirements are that a 7-year-old must be able to understand this document. You cannot keep this section in. And you cannot keep that section in. It is far too technical.’”

As a result, Moore said, “There was a lot of negotiation; 99.9 percent remains, but some of it had to come out, because in their opinion it did not meet the government communication requirements. There is no apology there. Hopefully everything is succinct. There are things we could put in there, and things we could have clarified further. But if it is not there, it is because we just could not. That is the only way to look at it.”

Data Integrity Guidance Being Harmonized Internationally

Moore noted that while MHRA, the FDA, and the WHO all have separate guides on data integrity (DI), there are behind-the-scenes efforts to ensure they are consistent.

“You might be interested to know that quite often it is the same people reviewing these guidance documents,” she commented. “We all talk. And we all review each other’s work. The idea is that we are harmonized. That is the point. So any guidance documents you pick up should complement each other. They should only tell you something different if there is a specific national requirement.”

There are multiple documents, she said, because, “WHO goes to territories we do not. There are places out there that do not supply the U.S. or Europe, but they supply medicines that are critical from a government perspective. So we help them write and review their guidelines.”

Moore also pointed to the work the Pharmaceutical Inspection Convention and Pharmaceutical Inspection Cooperation Scheme (PIC/S) has done in DI.

The PIC/S is currently co-chaired by MHRA and Australia’s Therapeutic Goods Administration (TGA). “There are FDA investigators on their panel who perform reviews. We also look at all the industry documents, like ISPE’s, and we review the GAMP [good automation manufacturing practices] forum documents by request. We quite often will review their documents and give them feedback, as will other national regulators.”

“What PIC/S does is they educate inspectors and investigators,” she said. “So their guide is not governed by any individual government control. Even though it is not written for industry, you can very much use it.”

About The Author:

Jerry Chapman is a GMP consultant with nearly 40 years of experience in the pharmaceutical industry. His experience includes numerous positions in development, manufacturing, and quality at the plant, site, and corporate levels. He designed and implemented a comprehensive “GMP intelligence” process at Eli Lilly and again as a consultant at a top-five animal health firm. Chapman served as senior editor at International Pharmaceutical Quality (IPQ) for six years and now consults on GMP intelligence and quality knowledge management and is a freelance writer. You can contact him via email, visit his website, or connect with him on LinkedIn.